Package: wml
Version: 2.0.11-1
Severity: serious
Tags: security
The following code in wml_backend/p1_ipp/ipp.src is obviously unsafe
(and actually causing practical problems during the Debian website
build):
$tmpdir = $ENV{'TMPDIR'} || '/tmp';
$tmpfile = $tmpdir . "/ipp.$$.tmp";
unlink($tmpfile);
$tmp = new IO::File;
$tmp->open(">$tmpfile") || error("cannot write into $tmpfile: $!");
Sadly enough this was fixed by the former maintainer for sarge but
apparently got lost when the new upstream was packaged for etch. See
the following code in sarge's version:
my $tmpldir = ($ENV{'TMPDIR'} || '/tmp') . '/ipp.XXXXXX';
$tmpdir = mkdtemp($tmpldir) or die "Unable to create temporary directory: $!\n";
$tmpfile = $tmpdir . "/ipp.$$.tmp";
unlink($tmpfile);
$tmp = new IO::File;
$tmp->open(">$tmpfile") || error("cannot write into $tmpfile: $!");
You could probably just use that again.
Regards,
Frank Lichtenheld
-- System Information:
Debian Release: lenny/sid
APT prefers unstable
APT policy: (900, 'unstable'), (900, 'testing'), (1, 'experimental')
Architecture: i386 (i686)
Kernel: Linux 2.6.23-1-686 (SMP w/2 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
Versions of packages wml depends on:
ii eperl 2.2.14-15 Embedded Perl 5 Language
ii iselect 1.3.1-3 An interactive line selection tool
ii libbit-vector-perl 6.4-7 Perl and C library for bit vectors
ii libc6 2.7-6 GNU C Library: Shared libraries
ii libimage-size-perl 3.1-3 determine the size of images in se
ii libpng12-0 1.2.15~beta5-3 PNG library - runtime
ii libterm-readkey-perl 2.30-3 A perl module for simple terminal
ii m4 1.4.10-1 a macro processing language
ii mp4h 1.3.1-4 Macro processor for HTML documents
ii perl 5.8.8-12 Larry Wall's Practical Extraction
ii perl-base [perlapi-5.8.8] 5.8.8-12 The Pathologically Eclectic Rubbis
ii slice 1.3.8-9 Extract out pre-defined slices of
Versions of packages wml recommends:
ii libhtml-clean-perl 0.8-10 Cleans up HTML code for web browse
ii linklint 2.3.5-5 A fast link checker and web site m
ii tidy 20080116cvs-2 HTML syntax checker and reformatte
ii txt2html 2.50-2 Text to HTML converter
-- no debconf information
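As an added illustration (not code from the wml package or from the report above): the temporary-file handling that the sarge fix restores, with an O_EXCL create added as a second layer; the hypothetical names open_private_tmp and predictable_tmp_path are assumptions for this example.

```perl
#!/usr/bin/perl
# Added example, not code from the wml package: the temporary-file
# handling the sarge fix restores, plus an O_EXCL open as a second layer.
use strict;
use warnings;
use Fcntl qw(O_WRONLY O_CREAT O_EXCL);
use File::Temp qw(tempdir);
use IO::File;

# Unsafe shape from the report, for contrast only: the name depends on
# nothing but the PID, and unlink() followed by open(">...") leaves a
# window in which another local user could plant a symlink at that path.
sub predictable_tmp_path {
    my $tmpdir = $ENV{'TMPDIR'} || '/tmp';
    return "$tmpdir/ipp.$$.tmp";
}

# Safe: a private, unpredictably named directory (same mkdtemp semantics
# as the sarge code, mode 0700, honouring $TMPDIR), then an O_EXCL create
# so that a file or symlink already sitting at the path makes the open
# fail instead of being followed.
sub open_private_tmp {
    my $tmpdir = tempdir('ipp.XXXXXX', TMPDIR => 1, CLEANUP => 1);
    my $mode   = (stat $tmpdir)[2] & 07777;
    die sprintf("unexpected mode %04o on %s", $mode, $tmpdir)
        if $mode != 0700;
    my $tmpfile = "$tmpdir/ipp.$$.tmp";
    my $fh = IO::File->new($tmpfile, O_WRONLY | O_CREAT | O_EXCL, 0600)
        or die "cannot create $tmpfile: $!";
    return ($fh, $tmpfile);
}

my ($fh, $path) = open_private_tmp();
print $fh "scratch data for the ipp pass\n";
$fh->close or die "close failed: $!";
print "created $path safely\n";

# A second O_EXCL open of the same path must fail: this is the check
# that refuses a pre-existing file or symlink at the chosen name.
my $again = IO::File->new($path, O_WRONLY | O_CREAT | O_EXCL, 0600);
print defined $again ? "BUG: reopened existing file\n"
                     : "O_EXCL refused existing path: $!\n";
print "for comparison, the guessable name would have been ",
      predictable_tmp_path(), "\n";
```

The directory is removed automatically at exit because of CLEANUP; with the bare mkdtemp call used in the sarge code the caller has to remove it itself.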